07/15/2015

The Latest HIPAA Settlement Is Eye-Catching

by ZixCorp

On Monday, Joseph Conn published an article for Modern Healthcare highlighting a recent HIPAA settlement between St. Elizabeth's Medical Center and the Office for Civil Rights (OCR), which as most of you know enforces the HIPAA Privacy Rule. Settlements with the OCR and breaches on its “Wall of Shame” are so frequent that it’s easy to ignore the latest news, but this particular article caught our eye when reporting:

Insight from Adam Greene, a well-known privacy lawyer, who said, “you're going to have to have a business associate agreement (BAA) with any cloud-based (service) providers.”

The violations came to light after complaints from the medical center’s own employee base

Often organizations have to account for employees as a weak link in their security and compliance strategy. We understand why; mistakes happen, as we ourselves pointed out in Monday’s data loss prevention blog. However, this article serves as a great reminder that, interestingly enough, employees are also an organization’s greatest asset. Not only are employees critical to the success of quality care and daily operations, they can be your eyes and ears to ensure security and compliance are meeting your standards day-in and day-out. After all, you spend valuable resources and time training employees on the appropriate policies and procedures; put that training to even greater use by leveraging employee feedback on what’s working and where you need to fill holes. Now in turning our attention to the other two highlights – the “rare enforcement area” of Internet-based file-sharing services and the BAA with any cloud-based (service) providers – we would be remiss if we didn’t offer a quick and selfish reminder that Zix is the leader in protecting the most popular file sharing method (aka email) and, unlike many email encryption competitors, will sign a BAA. We’ve signed several hundred so far and are happy to work with you to provide this extra layer of assurance.